All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Windows 10 and 11 come preinstalled with Microsoft's proprietary security center, Windows Security (formerly Windows Defender Security). To get the most out of your free PC protection, we recommend enabling 7 security enhancements, from anti-ransomware features to parental controls.
We walk you through the steps to locate and enable the core features of Microsoft Defender Antivirus (the free antivirus software part of Windows Security, the built-in security app, as well as the antivirus included in the premium Microsoft Defender service).
Plus, we cover whether Microsoft Defender Antivirus is any good and the top antivirus alternatives for Windows.
Top 7 Windows Security settings to enable in 2024
1. Enable anti-ransomware features
2. Enable Microsoft Defender Firewall
3. Turn on reputation-based protection
4. Enable Exploit protection
5. Turn on Core Isolation
6. Set up parental controls
7. Allow Windows Security notifications
Other important Windows Security features
Is Microsoft Defender Antivirus good?
FAQs
Bottom line
How to turn on Windows Security
The Windows Security app is an essential tool for maximizing protection in Windows 10 or 11.
The Windows Security app is a tool built into the Windows operating system (OS) that provides an overview of your device’s health and security, including virus and firewall protection. It provides settings for antivirus protection, firewall and networks, apps and browsers, device security, and options for tracking your kids’ online activity.
Updating your Windows Security settings can protect your system from malicious files like viruses and malware.
To find the Windows Security app in Windows 11, type Windows Security in the Search field (located in the taskbar at the bottom of your screen). Then, click Windows Security. A blue shield icon should show up in the taskbar. You can right-click the shield and select “Pin to taskbar” for easy access.
As an alternative to Search in Windows 11, you can do the following:
- Go to the Start menu.
- Select Settings.
- Choose Apps.
- Select Apps & Features.
- Select the three dots next to Windows Security.
Note that in the early versions of Windows 10, Windows Security was called Windows Defender Security Center.
As you scroll through the options in Windows Security, you’ll see a green checkmark for each setting turned on, along with a “No action needed” message. Click through the icons in the taskbar on the left to dig further into sections like Virus & threat protection and Account protection.
Top 7 Windows Security settings to enable in 2024
Here’s a list of Windows Security settings you’ll want to enable to ensure maximum protection against hackers, malware, phishing, and more.
1. Enable anti-ransomware features
Ransomware is a type of malware that encrypts your files and can lock you out of your computer until you pay a ransom.
Here’s how to enable Ransomware protection in Windows 10 or 11:
- Open Windows Security.
- Select Virus & threat protection.
- Find Ransomware protection and select Manage ransomware protection.
- Turn ON controlled folder access if it’s turned off, and select protected folders.
- You can select + Add a protected folder.
- If you need to remove protection from a folder, select it and then choose Remove.
Note that if Windows detects that you are using another antivirus program like McAfee VirusScan, you won’t see ransomware protection options in Windows Security, and Microsoft Defender Antivirus will turn off automatically (it will turn back on if you ever uninstall the other program). However, Microsoft Security has been updated to detect threats in passive mode. Simply turn on Microsoft Defender Antivirus to periodically check for threats even when another program is running.
Protection against ransomware is called controlled folder access. This means apps can’t access selected folders unless they’re trusted. You can specify which folders are protected.
In Windows 10 or 11, follow these steps to access controlled folders:
- Open Windows Security.
- Select Virus & threat protection.
- Select Ransomware protection.
- Switch Controlled folder access to ON.
There’s a section in Windows Security to review called Tamper protection. It stops malicious apps from disrupting Microsoft Defender Antivirus settings, such as real-time protection and cloud protection. If you’re using a third-party security app, the Windows Security Tamper protection settings won’t alter the settings in the other app.
Here’s how to find and change the Tamper Protection settings in Windows 10 or 11:
- Open Windows Security.
- Select Virus & threat protection.
- Select Manage settings.
- Switch Tamper Protection to ON.
2. Enable Microsoft Defender Firewall
Windows comes with a built-in firewall called Microsoft Defender Firewall. It stops unauthorized network traffic from traveling in and out of a local device. Microsoft recommends keeping its firewall on even if you’re using another antivirus with firewall protection.
Here’s how to enable Microsoft Defender Firewall in Windows 10 and 11:
- Open Windows Security.
- Select Firewall & network protection.
- Select one of these network profiles: Domain network, Private network, or Public network.
- Find Microsoft Defender Firewall and turn ON.
3. Turn on reputation-based protection
Reputation-based protection can guard your machine against potentially unwanted applications (PUA). These applications can slow down your computer, display unexpected ads, or install harmful apps. It can also protect against phishing.
Windows comes with this feature turned off on consumer machines. Potentially unwanted app blocking can block problematic apps that you downloaded or installed. However, it only blocks downloads if you’re using the Microsoft Edge browser.
Here’s how to turn on reputation-based protection in Windows 11:
- Open Windows Security.
- Navigate to App & browser control.
- Select Reputation-based protection settings.
- Switch on Phishing protection, Potentially unwanted app blocking, and SmartScreen.
In Windows 10, follow these steps:
- Open Windows Security.
- Choose App & browser control.
- Select Reputation-based protection settings.
- Click Potentially unwanted app blocking.
- Check Block apps.
- Check Block downloads.
4. Enable Exploit protection
The Enable Exploit protection feature provides a shield against exploits that could infect your devices and spread throughout your system. The settings apply to the OS or separate apps.
To enable Exploit protection in Windows 11, do the following:
- Open Windows Security.
- Go to Apps and browser control.
- Open Exploit protection settings.
- Go to Program settings and choose the app you want to protect.
- If the app is already listed, choose it and select Edit. If not, select Add program to customize.
- Select Add by program name to apply the Exploit protection settings to a running process.
- Select Choose exact file path if you need a standard Windows Explorer file picker window.
5. Turn on Core Isolation
Core isolation adds virtualization-based security features for added protection against hackers and malicious code. This prevents hackers from taking control of unsecured drivers on your computer.
This feature isolates core processes in memory. Memory integrity builds an isolated environment using hardware virtualization to protect against malicious programs.
Memory integrity in an isolated environment is like a security guard standing inside a locked booth. For applications to safely run a piece of code, the security guard must first approve the code. As Microsoft describes it, a scenario without memory integrity would be like a security guard monitoring your applications from outside the locked booth where someone could hijack the code approval process and allow malicious applications to run.[1]
If you have Windows 11 updated, you should already have Core isolation enabled. If not, follow these steps in Windows 11:
- Turn on Windows Security.
- Select Device Security.
- Select Core isolation.
- Under Core isolation, click Memory integrity.
6. Set up parental controls
Keeping a child’s devices safe is a key concern for any parent. This capability is available under Family options.
To access Family options, follow these steps:
- Open Windows Security.
- Select Family options.
- Select View family settings.
In this section, you can create a profile and customize settings for particular family members, such as setting screen time limits. In addition, you can select View devices to see where you and your family members have signed in.
7. Allow Windows Security notifications
Windows can let you know when updates are available to strengthen the detection of malware and other threats on your machine.
Follow these steps to enable Windows Security notifications:
- Open Windows Security.
- Select Settings.
- Choose Manage notifications (under Notifications).
- Turn ON Get informational notifications (under Virus & threat protection notifications).
Other important Windows Security features
Here are a few other Windows Security settings to keep in mind.
Set up Windows Security Updates
Follow these steps to configure security updates:
- Go to the Start menu.
- Select Settings.
- Select Windows Update.
Scan your PC with Microsoft Defender Antivirus
In addition to a full scan, you can also choose a quick scan, a custom scan, or a Microsoft Defender Antivirus offline scan. Here’s how to start scanning:
- Open Windows Security.
- Click Virus & threat protection.
- Select Scan options under Current threats.
- Select Full scan.
Temporarily turn off Microsoft Defender Antivirus
Microsoft Defender Antivirus automatically turns off if you’re running other antivirus software. Antivirus software is necessary to protect against threats of malware, viruses, phishing, and cyberattacks.
People may turn off Microsoft Defender Antivirus if it’s running a scan and they’re accessing sensitive data. Here’s how to turn off Microsoft Defender Antivirus:
- Open Windows Security.
- Select Virus & threat protection.
- Select Manage settings.
- Switch Real-time protection OFF.
How to turn on Microsoft Defender Firewall in Windows 10 or 11
Microsoft recommends keeping Defender Firewall on even if you are running a separate firewall. If you need to run an application that Microsoft Defender Firewall may block, you can allow it. Here’s how to turn on Microsoft Defender Firewall.
- Open Windows Security.
- Select a network profile from the following: Domain network, Private network, or Public network.
- Look for the Microsoft Defender Firewall and switch it ON.
Check your device health
Another key security feature involves managing your device health and performance. You can track battery life status and ensure no issues with apps and software.
Follow these steps to access settings for device performance & health.
- Open Windows Security.
- Select Device performance & health.
You can explore the Storage capacity section to check if your system is running low on disk space. You can also check Battery Life to find out if various applications are straining your battery.
Is Microsoft Defender Antivirus good?
Windows Defender (now rebranded as Microsoft Defender) is the antivirus product preinstalled with Windows. It offers some attractive features, such as parental controls, and can protect your devices from malware while you navigate the internet. However, it lacks webcam protection, which parents and other users may prefer.
AV-Test tested Microsoft Defender Antivirus in Sept/Oct 2024, and the software scored a perfect 6 out of 6 for protection, performance, and usability.[2]
The downside to Microsoft Defender Antivirus is it may bring reduced protection when using browsers like Google Chrome or Mozilla Firefox. You’ll have to stick with the Microsoft Edge browser to get the most protection. Microsoft Defender also lacks a password manager.
Given these limitations, we'd recommend checking out a third-party antivirus product that offers additional security features, such as a VPN, a password manager, identity theft protection, safe browsing, an ad blocker, and more.
Antivirus | ||||
Best for | Best overall antivirus software | All-in-one software | Comprehensive security | Best value |
Starting price | $29.00/yr (first year only) | $35.99/first yr | $29.99/first yr | $3.19/mo (billed annually) |
Features | Zero-day scans, anti-phishing, ransomware protection, password manager, ad blocker, TotalVPN | Antivirus protection, VPN, password manager, security for multiple devices | Antivirus, malware, ransomware, and hacking protection, cloud backup, password manager, Norton Secure VPN | Antivirus protection, Surfshark VPN, private search engine, data leak alerts, ad blocker |
Learn more | Get TotalAV | Get Aura | Get Norton360 Antivirus | Get Surfshark Antivirus |
FAQs
What are the best security settings for Windows 10 or 11?
Enable anti-ransomware features in Windows 10 or 11 so you won’t be locked out of using your computer and asked to pay a ransom (don’t ever pay a ransom, as it doesn’t guarantee recovery). Also, be sure to configure Windows Security notifications so you know when updates are available to strengthen the detection of malware and other threats on your machine.
What is Windows Security settings?
Windows Security settings is where you can manage the security providers that protect your device. It also lets you configure your Windows Security notifications.
Is Windows 10 or 11 Security all I need?
Yes, if you use the Microsoft Edge browser and Office 365, you will have solid protection with Windows Security and the default Microsoft Defender Antivirus. However, you may experience limited protection when using third-party browsers like Google Chrome or Firefox. If you want concurrent coverage with another reputable third-party solution, we recommend checking out the best antivirus software for Windows 11.
Bottom line
When you’re thinking about how to protect your Windows PC, remember to keep on top of your virus and security updates no matter which applications you use. Keep the following settings on to optimize your protection against cyberthreats:
- Anti-ransomware features
- Tamper protection
- Phishing protection
- Exploit protection
- Core isolation
In addition, be sure to update your online security settings for Google and the social media sites you use to ensure maximum protection against hackers and malware. You can also invest in another reputable third-party antivirus solution to use along with Microsoft Defender Antivirus.